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DETAILED ACTION 

1 . This is in response to the communications filed on 5 December 2008. 

2. Claims 29-56 are pending in the application. 

3. Claims 29-56 have been rejected. 

4. Claims 1-28 have been cancelled. 

Response to Arguments 

5. Applicant's arguments filed 5 December 2008 have been fully considered but they are not 
persuasive. 

On page 1 1, the applicant argues that Fox fails to disclose or suggest at least an originator 
device that is configured "not to send a new item toward said recipient device in the absence of a 
respective digitally signed receipt for a previously sent item," as recited in independent claim 29. 

The examiner respectfully disagrees. Fox discloses that when an entity is authenticated 
then it will receive a reissue digital certificate (reissue is distinct from the certificate). However, 
if the certificate is not authenticated, then a reissue certificate is not issued. Authentication 
involves checking for a valid digital signature. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed tmder the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. 

6. Claims 29-37, 42-50, 55 and 56 are rejected under 35 U.S.C. 102(e) as being anticipated by 

Fox et al U.S. Patent No. 6,842,863 Bl (hereinafter Fox). 

As to claim 29, Fox discloses a method of arranging communication between an 

administrator device and an administered device in a network, comprising the steps of: 

arranging the communication in the form of a chain of digitally signed 
communication items (i.e. the set of receipts/certificates generated by every 
transfer of the transaction forms a digitally-signed chain of evidence binding not 
only every step of the transaction but also every policy application that happened 
along the way. Of course, it is feasible to include less information than the total 
accximulated with each additional transaction) [column 9, lines 52-67] including 
messages sent from an originator device to a recipient device, each the message 
having associated a respective digitally signed receipt (i.e. the relying party's 
policy is met, step 714 branches to step 718 where the reissue certificate 80 and 
relying party policy information are combined to form a receipt . The receipt is 
forwarded to the end entity 60 in step 720) [column 10, lines 43-47]; and 



Application/Control Number: 1 0/5 80,43 8 Page 4 

Art Unit: 2431 

configuring the originator device not to send a new item toward the 
recipient device in the absence of a respective digitally signed receipt for a 
previously sent item [column 10, lines 48-58]. 
As to claims 30 and 43, Fox discloses the method, comprising the steps of: 

detecting at the originator device a respective digitally signed receipt item 
from the recipient device having failed to reach the originator device within a 
given time span after a message item has been issued by the originator device (i.e. 
The request message 77 may take a variety of different formats, including the 
formats and protocols of existing industry standards. Slight variations may be 
required to use some of the existing protocols. For example, the de facto industry 
standard for requesting a digital certificate for a public/private key pair is defined 
by a protocol known as the PKCS#10 protocol. PKCS#10 messages are self- 
signed to provide proof-of-possession of the corresponding private key. In the 
case of rea l -time status checking, the requesting party (i.e., the relying party 62) 
is not normally the same entity as that possessing the key pair in question, and 
thus does not possess the private key. Thus, if PKCS#10 message format is to be 
used, the certificate authority 66 is altered so as to receive a public key, an 
existing digital certificate, or both of these items with additional information. For 
example, the request could be slightly altered so as to distinguish the request from 
a standard PKCS#10 message by adding header information or the like 
identifying the request as a rea l -time status inquiry of an existing digital 
certificate or pubhc key.) [column 6, lines 32-51]; and 
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asking the recipient device for a signed statement indicating at least one of 
a last message item received and a last message item sent by the recipient device 
[column 6, lines 32-51]. 

As to claims 31 and 44, Fox discloses the step of storing with at least one of the 
administrator devices and the administered devices, a history record of communication items 
exchanged there between, the history record being agreed upon and signed by both the 
administrator device and the administered device (i.e. FIG. 6 illustrates how accumulated signed 
receipts, generated as part of the process of selling and re-selling a single transaction, 
encapsulate the transaction's history . Initially, party A holds transaction T and receipt/certificate 
Cert.sub.l, which describes how party A came to hold the transaction. Party A proposes to sell 
the transaction T to party B and sends party B the transaction T along with the receipt/certificate 
Cert.sub.l and other supporting evidence, if necessary. Party B evaluates the evidence to see that 
it satisfies its policy and if so, issues a receipt/certificate ("Cert.sub.2 ") as proof that its policy 
was satisfied. The new receipt/certificate Cert.sub.2 is returned to party A and the transaction 
between party A and party B concludes. Party B now holds transaction T, receipt/certificate 
Cert.sub.l (which references T) and receipt/certificate Cert.sub.2 (which references both 
transaction T and Cert.sub.l).) [column 9, lines 21-36]. 

As to claims 32 and 45, Fox discloses the step of carrying out at the originator device a 
session closing step mentioning at least one of a last message item received and a last message 
item sent by the recipient device (i.e. the relying party's policy is met, step 714 branches to step 
718 where the reissue certificate 80 and relying party policy information are combined to form a 
receipt . The receipt is forwarded to the end entity 60 in step 720) [column 10, lines 43-47]. 
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As to claims 33 and 46, Fox discloses the step of keeping with the originator device an 
indication of an on-going communication session as a pending session until a signed receipt item 
is received from the recipient device (i.e. the relying party's pohcy is met, step 714 branches to 
step 718 where the reissue certificate 80 and relying party policy information are combined to 
form a receipt . The receipt is forwarded to the end entity 60 in step 720) [column 10, lines 43- 
47]. 

As to claims 34 and 47, Fox discloses the step of inserting in the communication items, 
payload data and administrative commands accompanied by respective digital signatures (i.e. 
FIG. 5 shows a financial fransaction in which additional local inquiries, other than the status of a 
public key and/or a digital certificate, may be required by the policy evaluation engine 76. The 
additional policy information may be requested in the request message 77 and evaluated by the 
certificate authority 66, or may be determined independent of the certificate authority. If 
determined by the certificate authority 66, the information is added to the reissue certificate 80. 
If determined by the relying party, digitally signed signatures 87 or the like regarding the locally 
determined pohcy information may be generated and combined with the reissue digital certificate 
80 or, alternatively, the relying party may issue another reissue certificate incorporating the new 
information.) [column 8, lines 54-67]. 

As to claims 35 and 48, Fox discloses the step of causing the recipient device to verify 
digital signatures for validity [column 8, lines 54-67]. 

As to claims 36 and 49, Fox discloses the step of creating digital signatures under the full 
control of the device issuing such signatures [column 8, lines 54-67]. 
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As to claims 37 and 50, Fox discloses the step of associating secure digital signature 
evidence is associated with the digitally signed messages and receipts [column 8, lines 54-67]. 

As to claim 42, Fox discloses a system comprising an administrator device and an 
administered device in a network, the administrator device and administered device being 
configured for communication in the form of a chain of digitally signed communication items 
(i.e. the set of receipts/certificates generated by every transfer of the transaction forms a 
digitally-signed chain of evidence binding not only every step of the transaction but also every 
policy application that happened along the way. Of course, it is feasible to include less 
information than the total accumulated with each additional transaction) [column 9, lines 52-67] 
including messages sent from an originator device to a recipient device, each the message having 
associated a respective digitally signed receipt (i.e. the relying party's policy is met, step 714 
branches to step 718 where the reissue certificate 80 and relying party policy information are 
combined to form a receipt . The receipt is forwarded to the end entity 60 in step 720) [column 
10, lines 43-47], and wherein the originator device is configured not to send a new item toward 
the recipient device in the absence of a respective digitally signed receipt for a previously sent 
item [column 10, lines 48-58]. 

As to claim 55, Fox discloses a conmiunication network comprising a system [column 4, 
lines 30-43]. 

As to claim 56, Fox discloses a computer program product, loadable in the memory of at 
least one computer, and comprising software code portions capable of performing the steps of 
the method [column 3 line 65 to column 4 line 16]. 
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As to claim 55, Fox discloses a communication network comprising an administrator 
device and an administered device in a network, the administrator device and administered 
device being configured for communication in the form of a chain of digitally signed 
communication items including messages sent from an originator device to a recipient device, 
each the message having associated a respective digitally signed receipt (i.e. the set of 
receipts/certificates generated by every transfer of the transaction forms a digitally-signed chain 
of evidence binding not only every step of the transaction but also every policy application that 
happened along the way. Of course, it is feasible to include less information than the total 
accumulated with each additional transaction) [column 9, lines 52-67] including messages sent 
from an originator device to a recipient device, each the message having associated a respective 
digitally signed receipt (i.e. the relying party's policy is met, step 714 branches to step 718 where 
the reissue certificate 80 and relying party policy information are combined to form a receipt . 
The receipt is forwarded to the end entity 60 in step 720) [column 10, lines 43-47], and wherein 
the originator device is configured not to send a new item toward the recipient device in the 
absence of a respective digitally signed receipt for a previously sent item [column 10, lines 48- 
58]. 

As to claim 56, Fox discloses a computer program product, loadable in the memory of at 
least one computer, and comprising software code portions capable of performing the steps of a 
method of arranging communication between an administrator device and an administered 
device in a network, the method comprising: 

arranging the communication in the form of a chain of digitally signed 
communication items including messages sent from an originator device to a 
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recipient device, each the message having associated a respective digitally signed 
receipt (i.e. the set of receipts/certificates generated by every transfer of the 
transaction forms a digitally-signed chain of evidence binding not only every step 
of the transaction but also every policy application that happened along the way. 
Of course, it is feasible to include less information than the total accumulated with 
each additional transaction) [column 9, lines 52-67] including messages sent from 
an originator device to a recipient device, each the message having associated a 
respective digitally signed receipt (i.e. the relying party's policy is met, step 714 
branches to step 718 where the reissue certificate 80 and relying party policy 
information are combined to form a receipt . The receipt is forwarded to the end 
entity 60 in step 720) [column 10, lines 43-47]; and 

configuring the originator device not to send a new item toward the 
recipient device in the absence of a respective digitally signed receipt for a 
previously sent item [column 10, lines 48-58]. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 

such that the subject matter as a whole would have been ob\ ious at the time the invention was made to a person 
having ordinary skill in the art to which the subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 38 and 51 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fox et al 

U.S. Patent No. 6,842,863 Bl (hereinafter Fox) as applied to claims 29 and 42 above, and fiirther 

in view of Fiat U.S. Patent No. 4,964,164. 
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As to claims 38 and 51, Fox teaches digital signatures [column 8, lines 54-67]. 
Fox does not teach that the secure digital signature evidence is in the form of RSA class 
digital signatures. 

Fiat teaches the use of RSA digital signatures and the benefit of using such a scheme 
[column 3, lines 30-62]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Fox so that the digital signatures employed by 
Fox would have been RSA type signatures. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Fox by the teaching of Fiat because the RSA algorithm 
provides an elegant means for fulfilling these requirements, by using the RSA algorithm as 
digital signature exponents. The sender of a signature represented as a signed-message-data 
signal can sign his signature using his own secret key, which is normally the decryption key. The 
signing of a signature using one's own secret key can be viewed as taking the eth root of a 
signature, modulo n. Anyone can verify the signed-message-data signal using the sender's 
published key, e. The verification of the signature represented as a verified-message-data signal 
can be viewed as raising the signed-message-data signal to the eth power, modulo n. If this 
verification produces the correct verified-message-data signal, then the signed-message-data 
signal can only have come from the appropriate sender, and thus both its contents and origin 
have been authenticated. Note, however, that the verification no longer offers protection against 
disclosure of contents, as anyone can verify the signed-message-data signal using the public key 
exponent [column 2, lines 37-56] . 
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8. Claims 39-41 and 52-54 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fox 
et al U.S. Patent No. 6,842,863 Bl (hereinafter Fox) as applied to claims 29 and 42 above, and 
further in view of Wildish et al US 2003/01 15457 Al (hereinafter Wildish). 

As to claims 39-41 and 52-54, Fox the steps of arranging communication between a set of 
administrator devices (i.e. relying party 62) and a given administered device (i.e. end entity 60). 

Fox does not teach permitting at least one administrator device in the set to hide its 
identity to the administered device. Fox does not teach the step of hiding the identity of the at 
least one administrator device to the administered device by using at least one of group 
signatures or pseudonym digital certificates. Fox does not teach the step of resuming a session 
interrupted in the absence of a receipt provided by the at least one administrator hiding its 
identity to a message sent by the given administered device, wherein the session is resumed by 
the at least one administrator hiding its identity. 

Wildish teaches a device hiding its identity by using pseudonym digital certificates 
[0019-0022]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Fox so that the relying party 62 would have had 
the ability of hiding its identity to the end entity 60 by the use of pseudonym certificates. A 
session would have been interrupted in the absence of a receipt provided by the at least one 
administrator hiding its identity to a message sent by the given administered device. The session 
would have been resumed by the at least one administrator hiding its identity. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Fox by the teaching of Wildish because the use of compact 
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pseudonyms in public key certificates also provides a low-overhead method to reference a 
certificate chain that can be used to verify the authenticity of an end-entity's digital certificate. In 
many standard security protocols such as TLS, WTLS, SSL or S/MIME, an entity using a digital 
certificate to authenticate itself generally provides a list of digital certificates that can be used to 
construct a chain for some other party to verify the authenticity of the entity's certificate. For 
applications over constrained networks such as wireless networks, this increases the bandwidth 
used. Further, for constrained devices such as smartcards or mobile phones, there may be limited 
storage space to store the required certificates. An improved method of conveying information 
used to construct the certificate chain is needed and this invention is an effective method of 
identifying the certificate chain as a concatenation of pseudonyms [001 1]. 

Conclusion 

9. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ARAVIND K. MOORTHY whose telephone number is 
(571)272-3793. The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published appUcations 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Aravind K Moorthy/ 
Examiner, Art Unit 243 1 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 243 1 



